11 Nov HTTP & HTTPS Duplication Issues with WordPress

With Google’s drive to make the web a safer and more secure place, it was announced the tail end of 2014 that HTTPS would be a ranking signal going forwards. Since this time, many folks have added an SSL certificate to their site to reap the (largely intangible) rewards offered by adding HTTPS.

However, in our day-to-day work in the SEO trenches at Bowler Hat, we are seeing ever more instances where the site runs on both HTTP and HTTPS with elements from both instances getting indexed and competing which can be harmful for your SEO.

Read on to find out more SEO tips on how you can resolve your HTTP & HTTPS duplication issue…

Canonical Conundrums

Fortunately, we have the Canonical URL. The SEO Superman. Your key to collating all of your URLs correctly tied back to a single master URL. That is – if the canonical is correctly implemented.

Unfortunately, what we are seeing on many WordPress sites running HTTPS is that the HTTP version of the site shows canonical URLs with the HTTP protocol and the HTTPS version of the site shows the canonical URL with the HTTPS protocol.

This implementation of the canonical URL further exacerbates the issue and both HTTP and HTTPS versions of the site are saying “me, me, me, I’m the one” – what we want here is to have a single canonical URL across all required versions of a URL.

To do this we can add some simple rules to our .htaccess file to action the redirect.

*Note: you will need to add this rule above the block of code used by WordPress to handle permalinks. Drop your redirect below that and when the WordPress redirect code is triggered it terminates execution of .htaccess rules with the L (last) switch and your rule never triggers. As a hint, if you see your CSS and images all redirecting but not your pages, then this (or some other rule) is preventing your redirect from working.

Redirect HTTP to HTTPS

For most of you out there, this is the rule you will want to implement to redirect all HTTP content to HTTPS:

A bit of an edge case this, but we have come across instances where a site has a HTTPS protocol yet wants to run the site (or most of it) on HTTP. This is no problem and you can handle this with a small variation on the rule above:

Should you have a small section of your site that you want to exclude from this redirection – a shopping cart or checkout or some such, then you can add an extra condition excluding that directory or page:

An Alternative Fix

For whatever reason, hacking the .htaccess file is not always an option (boo hiss) – fortunately, not all is lost and there are alternative ways to fix the canonical issues in WordPress. You will need to be running the Yoast WordPress SEO plugin, but of course – you should be running that anyway. 🙂

Fortunately, the Yoast WordPress SEO plugin has an API (Application Programmers Interface) where we can tweak the values of things like the canonical URL. To make a change to the canonical, we can use the wpseo_canonical filter to edit the protocol from http to https or vice versa.

As an interesting aside, the Yoast plugin used to have an option to fix the transport protocol, but that seems to have been pulled from more recent versions – not exactly sure why as that could simply eliminate these issues, but this will do the job and is not too arduous a hack to implement.

One Page to Rule Them All

Okay, folks – hope that helps you get any HTTP and HTTPS URL duplication issues dialled in. For the best possible SEO and to avoid any potential complications, we want a single authoritative version of each piece of content and putting these fixes in place enables that.

Marcus Miller

marcus@bowlerhat.co.uk

Marcus is our Digital Strategist. He’s been working in the industry for nearly 20 years and wears many (bowler) hats as a highly technical developer and SEO, and even has a fancy computer science degree to prove it.

Marcus Miller

I am using Semrush to carry out a site audit and it is showing a big problem with duplicate title tags. It looks like it is mostly problems with HTTP and HTTPS

There are 322 instances of duplicate title tags and a similar number of duplicate content I am concerned that this will affect the way Google views my site and impose some kind of penalty. I will try and use the .htaccess method first. How long does it take to take effect?